HELSINKI UNIVERSITY OF TECHNOLOGY

AAA Architecture for hierarchical wireless Mobile IPv4
Tom Weckström
Telecommunications Software and Multimedia Laboratory of Information Processing Science
Helsinki University of Technology
Finland

Introduction
Wireless Internet gaining momentum
Yankee: 1 billion users by 2003
Is access the wireless killer application?
Mobile users need to be authenticated, authorized, and correctly billed.

Problem
Special needs for AAA protocol in
– Open environment
– Wireless environment

Problem dimensions
Trust
Security
Efficiency

Scope
Mobile IPv4 environment that is
– Open
– Hierarchical
– Wireless
Lots of active mobile users
Frequent, fast handoffs

Scope

Hierarchical Mobile IPv4
[Figure: network diagram showing the CN, HA, Internet, Home Network, Foreign Network, WLAN, HFA1, SFA, FA1 to FA6, and the Mobile Node]

Criteria
From IDs, scope and RFC criteria, classified and prioritized
General, dimensional and AAA criteria
GQM approach for measuring success

My solution
AAA Architecture with tick payments

Design principles
Parallel AAA and MIP signaling
Reduced number of signaling messages
Periodic payments
SPKI with RSA
Ideas from Ipay, DIAMETER and BillNeat

Architectural elements
AAAH, SHA, HA
AAAF, HFA, FA
Broker
MN
Buyer

Architecture

Trust relationships

Security
RSA for signatures
SHA for payment messages
Symmetric encryption for authentication, session keys, and signatures
Session ID
Billing ID
Timestamps for replay protection

Protocol operation
Registration protocol
– Slow mode: sequential, for compatibility
– Fast mode: Parallel, optional grace period
Payment protocol
– Real time payments
– Localized message handling
– Policy based authorization
– User controls the size of the bill

Slow mode

Fast mode

Payment protocol

Conclusions
Potential for significant improvements with parallel signaling
Static trust relationships concentrated within organizational units
Flexibility with SPKI and Policy Management
Tick payments: efficiency & control

Future research ideas
More extensive use of SPKI
Trust relationships
Certificate management
Improved verification of credibility
Integration with DIAMETER
Policy management with distributed policies

Q & A?